CVE-2011-5000

openssh: post-authentication resource exhaustion bug via GSSAPI

Severity Score

3.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

La función de ssh_gssapi_parse_ename en GSS-serv.c en OpenSSH v5.8 y versiones anteriores, cuando gssapi-with-mic de autenticación está activada, permite a usuarios remotos autenticados provocar una denegación de servicio (excesivo consumo de memoria) a través de un valor demasiado grande en un campo de longitud determinada. NOTA: puede haber escenarios limitados en el que este tema es relevante.

*Credits: N/A

CVSS Scores

NISTv2 3.5

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-12-24 CVE Reserved
2012-04-04 CVE Published
2023-08-31 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-189: Numeric Errors
CWE-400: Uncontrolled Resource Consumption

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC
http://seclists.org/fulldisclosure/2011/Aug/2	2024-08-07
http://site.pi3.com.pl/adv/ssh_1.txt	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2012-0884.html	2012-07-22
https://access.redhat.com/security/cve/CVE-2011-5000	2012-06-19
https://bugzilla.redhat.com/show_bug.cgi?id=809938	2012-06-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				<= 5.8 Search vendor "Openbsd" for product "Openssh" and version " <= 5.8"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				1.2 Search vendor "Openbsd" for product "Openssh" and version "1.2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				1.2.1 Search vendor "Openbsd" for product "Openssh" and version "1.2.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				1.2.2 Search vendor "Openbsd" for product "Openssh" and version "1.2.2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				1.2.3 Search vendor "Openbsd" for product "Openssh" and version "1.2.3"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				1.2.27 Search vendor "Openbsd" for product "Openssh" and version "1.2.27"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				1.3 Search vendor "Openbsd" for product "Openssh" and version "1.3"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				1.5 Search vendor "Openbsd" for product "Openssh" and version "1.5"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				1.5.7 Search vendor "Openbsd" for product "Openssh" and version "1.5.7"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				1.5.8 Search vendor "Openbsd" for product "Openssh" and version "1.5.8"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.0 Search vendor "Openbsd" for product "Openssh" and version "3.0"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.0.1 Search vendor "Openbsd" for product "Openssh" and version "3.0.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.0.1p1 Search vendor "Openbsd" for product "Openssh" and version "3.0.1p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.0.2 Search vendor "Openbsd" for product "Openssh" and version "3.0.2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.0.2p1 Search vendor "Openbsd" for product "Openssh" and version "3.0.2p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.0p1 Search vendor "Openbsd" for product "Openssh" and version "3.0p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.1 Search vendor "Openbsd" for product "Openssh" and version "3.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.1p1 Search vendor "Openbsd" for product "Openssh" and version "3.1p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.2 Search vendor "Openbsd" for product "Openssh" and version "3.2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.2.2 Search vendor "Openbsd" for product "Openssh" and version "3.2.2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.2.2p1 Search vendor "Openbsd" for product "Openssh" and version "3.2.2p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.2.3p1 Search vendor "Openbsd" for product "Openssh" and version "3.2.3p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.3 Search vendor "Openbsd" for product "Openssh" and version "3.3"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.3p1 Search vendor "Openbsd" for product "Openssh" and version "3.3p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.4 Search vendor "Openbsd" for product "Openssh" and version "3.4"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.4p1 Search vendor "Openbsd" for product "Openssh" and version "3.4p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.5 Search vendor "Openbsd" for product "Openssh" and version "3.5"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.5p1 Search vendor "Openbsd" for product "Openssh" and version "3.5p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.6 Search vendor "Openbsd" for product "Openssh" and version "3.6"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.6.1 Search vendor "Openbsd" for product "Openssh" and version "3.6.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.6.1p1 Search vendor "Openbsd" for product "Openssh" and version "3.6.1p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.6.1p2 Search vendor "Openbsd" for product "Openssh" and version "3.6.1p2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.7 Search vendor "Openbsd" for product "Openssh" and version "3.7"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.7.1 Search vendor "Openbsd" for product "Openssh" and version "3.7.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.7.1p1 Search vendor "Openbsd" for product "Openssh" and version "3.7.1p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.7.1p2 Search vendor "Openbsd" for product "Openssh" and version "3.7.1p2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.8 Search vendor "Openbsd" for product "Openssh" and version "3.8"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.8.1 Search vendor "Openbsd" for product "Openssh" and version "3.8.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.8.1p1 Search vendor "Openbsd" for product "Openssh" and version "3.8.1p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.9 Search vendor "Openbsd" for product "Openssh" and version "3.9"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.9.1 Search vendor "Openbsd" for product "Openssh" and version "3.9.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				3.9.1p1 Search vendor "Openbsd" for product "Openssh" and version "3.9.1p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.0 Search vendor "Openbsd" for product "Openssh" and version "4.0"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.0p1 Search vendor "Openbsd" for product "Openssh" and version "4.0p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.1 Search vendor "Openbsd" for product "Openssh" and version "4.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.1p1 Search vendor "Openbsd" for product "Openssh" and version "4.1p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.2 Search vendor "Openbsd" for product "Openssh" and version "4.2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.2p1 Search vendor "Openbsd" for product "Openssh" and version "4.2p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.3 Search vendor "Openbsd" for product "Openssh" and version "4.3"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.3p1 Search vendor "Openbsd" for product "Openssh" and version "4.3p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.3p2 Search vendor "Openbsd" for product "Openssh" and version "4.3p2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.4 Search vendor "Openbsd" for product "Openssh" and version "4.4"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.4p1 Search vendor "Openbsd" for product "Openssh" and version "4.4p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.5 Search vendor "Openbsd" for product "Openssh" and version "4.5"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.6 Search vendor "Openbsd" for product "Openssh" and version "4.6"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.7 Search vendor "Openbsd" for product "Openssh" and version "4.7"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.8 Search vendor "Openbsd" for product "Openssh" and version "4.8"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.9 Search vendor "Openbsd" for product "Openssh" and version "4.9"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				5.0 Search vendor "Openbsd" for product "Openssh" and version "5.0"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				5.1 Search vendor "Openbsd" for product "Openssh" and version "5.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				5.2 Search vendor "Openbsd" for product "Openssh" and version "5.2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				5.3 Search vendor "Openbsd" for product "Openssh" and version "5.3"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				5.4 Search vendor "Openbsd" for product "Openssh" and version "5.4"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				5.5 Search vendor "Openbsd" for product "Openssh" and version "5.5"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				5.6 Search vendor "Openbsd" for product "Openssh" and version "5.6"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				5.7 Search vendor "Openbsd" for product "Openssh" and version "5.7"		-		Affected